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CLAIMS 

What is claimed is: 



1 1 . A system for secure data communication, the system comprising: 

2 a. a processor that provides a first virtual address, a second virtual address, and a 

3 process identifier; 

4 b. a first memory circuit coupled to the processor, the first virtual address 

5 corresponding to a first physical address of the first memory; 

6 c. a memory management circuit coupled to the processor, the memory management 

7 circuit comprising a second memory circuit in operation containing indicia of: 

8 (1) a first association of the first virtual address, the first physical address, and 
^ 9 the process identifier; and 

\l o (2) a second association of the second virtual address, the second physical 

H| 1 address, and the process identifier; wherein 

HI 2 (3) the memory management circuit provides the first physical address in 

jj. 3 response to receiving the first physical address and the process identifier, and provides the second physical 

I 14 address in response to receiving the second physical address and the process identifier; and 
J : 4 5 d. a network interface comprising: 

; !ql 6 (1) a third memory circuit in operation containing indicia of: 

HFl 7 (a) a third association of the first virtual address and the first physical 

ML 8 address; and 

19 (b) a fourth association of the second physical address and the first 

20 physical address; 

21 (2) a command interface circuit that provides a signal in response to receiving 

22 the second physical address and the first virtual address; and 

23 (3) a bridge for coupling the system to a computer network for data 

24 communication, the bridge circuit comprising an interface circuit that couples the system to a provided 

25 network for data communication, the bridge circuit operative, in response to the signal: 

26 (a) to obtain the first physical address from the third memory circuit as 

27 addressed in accordance with the first virtual address; and 

28 (b) to transfer data between the interface circuit and the first memory 

29 circuit as addressed by the first physical address for data communication. 
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1 2. A method for data communication, the method performed by a first computer for 

2 communication with a second computer, the method comprising: 

3 creating a password; 

4 establishing a data communication channel with the second computer, the channel being 

5 identified by a channel identifier; 

6 associating the password with the channel identifier; 

7 creating a first map that associates a plurality of virtual I/O addresses with a plurality of 

8 physical I/O addresses; 

9 associating the first map with a process, the process identified by a process identifier; 
1 0 requiring the process identifier for accessing the first map; 

Q 1 creating a second map that associates a plurality of virtual memory addresses with a 

%l 2 plurality of physical memory addresses; 

H| 3 determining a memory handle in accordance with a virtual address of the second map; 

q!4 associating the password and the memory handle with the second map; 

:f 1 5 requiring the password for accessing the second map; and 

I "1 6 communicating via the channel data identified in accordance with the memory handle . 

jh 1 3 . A method for transmitting data onto a network, the method comprising: 

*P 2 providing a memory handle corresponding to a registered virtual memory address, data at 

|I1 3 the virtual memory address for transmission onto the network; 

4 issuing a command with reference to a registered virtual I/O address; 

5 determining, in response to the command, a physical memory address in accordance with 

6 the memory handle; and 

7 transmitting data that was read in accordance with the physical memory address. 

1 4. A method for data communication, the method comprising: 

2 performing, by a central processor, an I/O write instruction for effecting data 

3 communication by a network controller, the I/O write instruction associated with a process identifier, the 

4 instruction comprising a registered doorbell virtual page number, an operation identifier, and a registered 

5 virtual memory address, each registered address being associated with the process identifier; 
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6 permitting conversion of the doorbell virtual page number to a doorbell physical page 

7 number in accordance with the process identifier; 

8 associating the registered virtual memory address, the doorbell physical page number, and a 

9 password; 

10 permitting conversion of the registered virtual memory address to a physical memory 

1 1 address in accordance with the password; and 

12 performing data communication as effected by the I/O write instruction in accordance with 

1 3 data read in accordance with the physical memory address. 

1 5 . A method for data communication, the method performed by a network interface of a first 

y 2 computer, the first computer comprising a first memory, the network interface comprising a second 

%f 3 memory, the method comprising: 
Jf j 4 receiving a channel identifier; 

m 5 obtaining from a first data structure of the second memory a first password and a physical 

j! 6 address of a description of a block to send, the first data structure accessible in accordance with the channel 

3 7 identifier; 

^ 8 obtaining from a second data structure of the first memory a memory handle and a first 

Q 9 virtual address referring to the first memory, the second data structure accessible in accordance with the 

11 0 physical address of the description of the block to send; 

111 1 determining an index value in accordance with the memory handle and the first virtual 

12 address; 

1 3 obtaining from a third data structure of the second memory a second password and a first 

14 physical address corresponding to the first virtual address, the third data structure accessible in accordance 

1 5 with the index value; 

1 6 abandoning data communication if the first password does not compare successfully with 

17 the second password; and 

1 8 engaging in data communication with reference to the first physical address. 

1 6. A data structure maintained in a network interface, the network interface for installation in a 

2 host computer, the data structure comprising: 

3 a. a plurality of entries, each entry comprising: 
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4 ( 1 ) a physical address of a page of memory of the host computer; 

5 (2) a password; and 

6 (3) a validity flag; wherein 

7 b. entries in the data structure are addressable by an index value, the index value being 

8 determined in accordance with a sum of a memory handle and a virtual address of a page of memory of the 

9 host computer, the virtual address corresponding to the physical address. 

1 7. A data structure maintained in a network interface, the network interface for installation in a 

2 host computer, the network interface for data communication via a plurality of channels, the data structure 

3 comprising: 

P 4 a. a plurality of entries, each entry comprising: 

Cj 5 (1) a first physical I/O address of the host computer, the first physical I/O 

m 6 address for addressing the network interface; 
ffl 7 (2) a password; and 

HF 8 (3) a second physical memory address of the host computer, the second 

IT 9 physical for identifying data for communication by the network interface; wherein 

Ml 0 b. entries in the data structure are addressable by a channel identifier, the channel 

Sasa 

nl 1 identifier for identifying a particular channel of the plurality of channels for data communication. 
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